From e6065260dd1596e38b7b82be002176dd9f757395 Mon Sep 17 00:00:00 2001 From: Joel Sing Date: Mon, 22 Jul 2024 14:47:16 +0000 Subject: Use cipher suite values instead of IDs. OpenSSL has had the concept of cipher IDs, which were a way of working around overlapping cipher suite values between SSLv2 and SSLv3. Given that we no longer have to deal with this issue, replace the use of IDs with cipher suite values. In particular, this means that we can stop mapping back and forth between the two, simplifying things considerably. While here, remove the 'valid' member of the SSL_CIPHER. The ssl3_ciphers[] table is no longer mutable, meaning that ciphers cannot be disabled at runtime (and we have `#if 0' if we want to do it at compile time). Clean up the comments and add/update RFC references for cipher suites. ok tb@ --- lib/libssl/ssl_pkt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/libssl/ssl_pkt.c') diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c index 7d6785a3de0..740fe97192e 100644 --- a/lib/libssl/ssl_pkt.c +++ b/lib/libssl/ssl_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_pkt.c,v 1.67 2024/07/20 04:04:23 jsing Exp $ */ +/* $OpenBSD: ssl_pkt.c,v 1.68 2024/07/22 14:47:15 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1235,7 +1235,7 @@ ssl3_do_change_cipher_spec(SSL *s) return (0); } - s->session->cipher_id = s->s3->hs.cipher->id; + s->session->cipher_value = s->s3->hs.cipher->value; if (!tls1_setup_key_block(s)) return (0); -- cgit v1.2.3